From 4dc62ebcf37d7568be1d4ca54367215eba8b8a28 Mon Sep 17 00:00:00 2001
From: ikerexxe <ipedrosa@redhat.com>
Date: Wed, 5 Feb 2020 15:04:39 +0100
Subject: [PATCH] useradd: doesn't generate /var/spool/mail/$USER with the
 proper SELinux user identity

Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527
---
 src/useradd.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/useradd.c b/src/useradd.c
index a679392d..645d4a40 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -190,6 +190,7 @@ static bool home_added = false;
 #define E_NAME_IN_USE	9	/* username already in use */
 #define E_GRP_UPDATE	10	/* can't update group file */
 #define E_HOMEDIR	12	/* can't create home directory */
+#define E_MAILBOXFILE	13	/* can't create mailbox file */
 #define E_SE_UPDATE	14	/* can't update SELinux user mapping */
 #ifdef ENABLE_SUBIDS
 #define E_SUB_UID_UPDATE 16	/* can't update the subordinate uid file */
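Review bot: The new exit status `E_MAILBOXFILE` (13) is described only by its inline comment, and the diffstat above shows src/useradd.c as the sole changed file; if useradd's man page enumerates exit values alongside the neighbouring 12 and 14 (worth confirming), it should gain a matching entry such as `13 can't create mailbox file`. The comment itself could also say what the status now covers, since the two later hunks use it for a failed set or reset of the SELinux file-creation context rather than for a failed open(): `#define E_MAILBOXFILE	13	/* can't create mailbox file or set its SELinux context */`.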
@@ -2210,6 +2211,16 @@ static void create_mail (void)
 			sprintf (file, "%s/%s/%s", prefix, spool, user_name);
 		else
 			sprintf (file, "%s/%s", spool, user_name);
+
+#ifdef WITH_SELINUX
+		if (set_selinux_file_context (file, NULL) != 0) {
+			fprintf (stderr,
+			         _("%s: cannot set SELinux context for mailbox file %s\n"),
+			         Prog, file);
+			fail_exit (E_MAILBOXFILE);
+		}
+#endif
+
 		fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
 		if (fd < 0) {
 			perror (_("Creating mailbox file"));
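Review bot: The creation context installed by `set_selinux_file_context (file, NULL)` is still in force when `open()` fails on the following line, because the only `reset_selinux_file_context ()` in this patch sits on the success path after `close (fd)`; if the `if (fd < 0)` branch returns after its `perror`, as its shape suggests, any file the process creates afterwards would inherit the mailbox context. Add `(void) reset_selinux_file_context ();` before leaving that branch, or route both the success and the failure path through a single cleanup label that performs the reset. The body of the `if (fd < 0)` branch and the rest of create_mail continue outside this hunk, so I cannot see whether a later reset already covers this path.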
@@ -2234,6 +2245,15 @@ static void create_mail (void)
 
 		fsync (fd);
 		close (fd);
+#ifdef WITH_SELINUX
+		/* Reset SELinux to create files with default contexts */
+		if (reset_selinux_file_context () != 0) {
+			fprintf (stderr,
+			         _("%s: cannot reset SELinux file creation context\n"),
+			         Prog);
+			fail_exit (E_MAILBOXFILE);
+		}
+#endif
 	}
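Review bot: When `reset_selinux_file_context ()` fails at this point the mailbox file has already been created, chown'd and closed, yet the code exits through `fail_exit (E_MAILBOXFILE)`, a code whose comment reads "can't create mailbox file", and leaves the new file behind. Either remove the artifact first, `(void) unlink (file);` immediately before `fail_exit (E_MAILBOXFILE);`, or report the reset failure on stderr and return, since a failed reset does not undo a successfully created mailbox and the account is presumably already committed when create_mail runs (confirm against main's call order). If fail_exit rolls back using `home_added`, as the `static bool home_added` context in the first hunk hints, exiting here could also remove the home directory of an otherwise fully created account. The beginning of create_mail, including the open and the fchown/fchmod calls, lies outside this hunk.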
 }
 
-- 
2.24.1